Unix domain sockets
Unlike other browsers, Outer Loop can connect to Unix domain sockets, both on remote machines and on localhost. It will only connect to a socket if it is listed in an allow-list on the target machine.
A Unix domain socket is like a port, but instead of being identified by a simple integer, it lives at a file path. This is useful because while ports can be accessed by all users, file paths can be restricted with filesystem permissions.
This capability has been proposed before, and browsers didn’t incorporate it because:
- It’s niche, especially in conventional browsers that don’t support SSH.
- Many services don’t expect browsers to be able to connect to their sockets, so this would open up a possible attack vector.
The natural solution to this second concern is to rely on allow-lists. These allow-lists are newline-delimited lists of sockets.
Linux:
- User sockets: $HOME/.config/outerloop/http-unix.allow
- Root sockets: /etc/outerloop/http-unix.allow
macOS:
- User sockets: ~/Library/Application Support/dev.outergroup.OuterLoop/http-unix.allow
- Root sockets: /Library/Application Support/dev.outergroup.OuterLoop/http-unix.allow
When Outer Shell registers an app, it adds its socket to this allow-list.
Typically you’ll navigate to sockets via Outer Shell. To navigate manually, the format is as follows:
http+unix://%2Frun%2Forg.outershell.Plaintext/?file=/etc/hosts
This connects to the socket /run/org.outershell.Plaintext with the URL path /?file=/etc/hosts. Each “%2F” is a URL-encoded ‘/’.
Outer Loop avoids showing ugly strings like this in the UI, except when necessary. This is the string format used by other tools that support HTTP over Unix sockets. It’s not pretty, but it’s admittedly an overconstrained problem: packing a socket into a string that successfully parses as a conventional URL.
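The URL format and the allow-list check described above, as an added Python example (not Outer Loop's own code). It assumes each allow-list line is an absolute socket path that must match exactly; the function names and the sample allow-list contents are constructed for illustration.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample of a newline-delimited allow-list file.
SAMPLE_ALLOW_LIST = "/run/org.outershell.Plaintext\n\n/run/org.example.Notes\n"

def parse_http_unix(url):
    """Split an http+unix URL into (socket_path, request_target)."""
    parts = urlsplit(url)
    if parts.scheme != "http+unix":
        raise ValueError("not an http+unix URL")
    # The host position carries the percent-encoded socket path.
    sock = unquote(parts.netloc)
    if not sock.startswith("/") or "\x00" in sock:
        raise ValueError("socket path must be absolute")
    # Refuse empty, '.' and '..' segments so the string compared with the
    # allow-list is exactly the path that would be opened.
    if any(seg in ("", ".", "..") for seg in sock.split("/")[1:]):
        raise ValueError("socket path is not canonical")
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return sock, target

def to_http_unix(sock, target="/"):
    """Build the URL form: every '/' in the socket path becomes %2F."""
    return "http+unix://" + quote(sock, safe="") + target

def load_allow_list(text):
    """Assumption: one socket path per line, blank lines ignored."""
    return {line.strip() for line in text.splitlines() if line.strip()}

def is_allowed(url, allow_list_text):
    """True only if the URL's socket is listed verbatim in the allow-list."""
    try:
        sock, _ = parse_http_unix(url)
    except ValueError:
        return False
    return sock in load_allow_list(allow_list_text)

if __name__ == "__main__":
    url = "http+unix://%2Frun%2Forg.outershell.Plaintext/?file=/etc/hosts"
    print(parse_http_unix(url), is_allowed(url, SAMPLE_ALLOW_LIST))
```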